TUCoPS :: Web :: CMS / Portals :: bx1343.htm

Joomla 1.0.13 CSRF
Joomla 1.0.13 CSRF
Joomla 1.0.13 CSRF

Author: Jose Carlos Nieto.

Date: Jan 08, 2008

Severity: Mild

There exists a Cross Site Scripting security hole in Joomla 1.0.13.

*Joomla!* is a free , open source  content management system  for publishing content 
on the world wide web  and intranets . 
Joomla! is licensed under the GPL , and is the result of a fork  of Mambo . 

=======Mild. It requires an administrator to be logged in and to be tricked into a specially
crafted webpage.

======Joomla! has no CSRF protection. A malicious user can trick an administrator into viewing
a specially crafted webpage containing an exploit, this exploit can execute (without permission)
any command the administrator would normally execute, such as publish a content or even add a new

=======This problem has no solution at this time.

Disclosure timeline
==================Oct 18 2007 - Vulnerability found.
Oct 18 2007 - Vulnerability reported to vendor.
Oct 18 2007 - Answer from vendor.
Jan 08 2008 - Advisory released.

Proof of Concept
If a logged in administrator visits this page a new administrator will be added to the victim's
Joomla powered website.

---- exploit code ----


---- exploit code ----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH